4525 matches found
CVE-2025-49810
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...
CVE-2025-49810 Thread summarization allows persistent access to channel
Mattermost versions 10.5.x <= 10.5.8 fail to validate access controls at time of access which allows user to read a thread via AI posts...
CVE-2025-50938
Cross-site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php...
ROS-20250821-06
A vulnerability in the Perl programming language is caused by a race condition that occurs if a directory descriptor is open when a thread is created. Exploitation of the vulnerability could allow an attacker to interfere with the application's behavior...
kernel: Fix of CVE-2023-52572
cifs: Fix UAF in cifs_demultiplex_thread() (CVE-2023-52572)...
CLSA-2025-1755707175 kernel: Fix of CVE-2023-52572
cifs: Fix UAF in cifs_demultiplex_thread() (CVE-2023-52572)...
SUSE CVE-2025-38615
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancel set bad inode after removing name fails. The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleted...
Linux Distros Unpatched Vulnerability : CVE-2025-23166
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executing in a background thread, crashing the...
PT-2025-33746 · Hustoj · Hustoj
Name of the Vulnerable Software and Affected Versions: Hustoj version 2025-01-31. Description: The software contains a cross-site scripting (XSS) issue in the thread.php file through the TID parameter. Recommendations: As a mitigation, sanitize the TID parameter in the thread.php file...
CVE-2025-50938
CVE-2025-50938 is a cross-site scripting (XSS) vulnerability in Hustoj detected on 2025-01-31, exploitable via the TID parameter in the file thread.php. The issue arises from unsanitized input in the TID parameter, enabling an attacker to inject malicious scripts. According to the CVE metadata, t...
CVE-2025-53948
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...
CVE-2025-53948
CVE-2025-53948 pertains to the Sante PACS Server, where a remote attacker can crash the main thread by sending a crafted HL7 message, resulting in a denial-of-service condition. The vulnerability enables unauthenticated remote impact and requires a manual restart to restore service. Multiple sour...
CVE-2025-53948 Santesoft Sante PACS Server Double Free
The Sante PACS Server allows a remote attacker to crash the main thread by sending a crafted HL7 message, causing a denial-of-service condition. The application would require a manual restart and no authentication is required...
CVE-2025-38525
A flaw was found in the Linux kernel’s Remote Execution RPC (RxRPC) implementation, where the rxrpc_assess_MTU_size() function is invoked with interrupts disabled during the handling of an incoming call. This function queries the IP layer for route MTU information, but the IP layer internally uses...
CVE-2025-38524
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix recv-recv race of completed call. If a call receives an event such as incoming data, the call gets placed on the socket's queue and a thread in recvmsg can be awakened to go and process it. Once the thread has picked up...